The Curious Case of the Payroll Pilfering

Jul 1, 2024 1:54:30 PM By Javvad Malik

In a world where cyber espionage has become as common as a rainy day in London, the recent events surrounding the UK armed forces' payroll database have had us all raising our eyebrows ...

New Malware Campaign Impersonates AI Tools To Trick Users

Jul 1, 2024 1:54:27 PM By Stu Sjouwerman

Researchers at ESET warn that malvertising campaigns are impersonating AI tools to trick users into installing malware. The Rilide infostealer, for example, is being distributed via a ...

Russian Threat Actor Launches Spear Phishing Attacks Against French Diplomats

Jun 27, 2024 1:46:32 PM By Stu Sjouwerman

France’s cybersecurity agency ANSSI has issued an alert outlining a Russian spear phishing campaign targeting French diplomats, the Record reports. The agency attributes the campaign to ...

FBI Warns of Phishing Campaign Targeting the Healthcare Industry

Jun 27, 2024 1:46:27 PM By Stu Sjouwerman

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry.

BEC Attacks Accounted for More Than One in Ten Social Engineering Attacks in 2023

Jun 24, 2024 9:21:30 AM By Stu Sjouwerman

A new report from Barracuda has found that email conversation hijacking attacks have risen by 70% since 2022. Additionally, business email compromise (BEC) attacks accounted for 10.6% of ...

My Hacker Story: A Cautionary Tale of Intern Antics and Cultural Learnings

Jun 24, 2024 8:31:12 AM By Javvad Malik

My hacker story does not paint me in the best light, and it is not intended to. I am a firm believer in sharing one's mistakes and being open to learning from them.

Vacation-Themed Scams Are Spiking

Jun 20, 2024 11:33:45 AM By Stu Sjouwerman

Scammers are now impersonating legitimate services like Booking.com and Kayak to target people planning their summer vacations. One out of every 33 vacation-themed domains registered last ...

Brazilian Entities Increasingly Targeted by Nation-State Phishing Attacks

Jun 18, 2024 1:58:40 PM By Stu Sjouwerman

Mandiant has published a report looking at cyber threats targeting Brazil, finding that more than 85% of government-backed phishing activity comes from threat actors based in China, North ...

[Heads Up] Tricky Fake Invoice Phishing Attack Uses Search to Deliver Malware

Jun 17, 2024 3:16:07 PM By Stu Sjouwerman

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to ...

Phishing Campaign Targets Job Seekers With WARMCOOKIE Backdoor

Jun 14, 2024 3:47:55 PM By Stu Sjouwerman

A phishing campaign is impersonating recruiting firms to target job seekers with a new strain of malware, according to researchers at Elastic Security.

[New Feature] Find Out if They've Got a Bad Reputation in Record Time with PhishER Plus Threat Intel

Jun 10, 2024 8:00:00 AM By Stu Sjouwerman

The PhishER Plus platform just got smarter with the addition of the new PhishER Plus Threat Intel feature that integrates web reputation data into the PhishER Plus console.

Nearly Three-Quarters of Organizations Were the Target of Attempted Business Email Compromise Attacks

Jun 7, 2024 2:20:40 PM By Stu Sjouwerman

New data highlights just how dangerous Business Email Compromise attacks are.

Breach or Bluff: Cyber Criminals' Slippery Tactics

Jun 7, 2024 8:16:12 AM By Javvad Malik

When the news first broke about a potential data breach at Ticketmaster, the details were murky. The Department of Home Affairs confirmed a cyber incident affecting Ticketmaster ...

Minnesotans Targeted by Scammers With Phony Arrest Warrants

Jun 7, 2024 8:14:43 AM By Stu Sjouwerman

The Minnesota Judicial Branch has issued an advisory warning that scammers are messaging Minnesotans with phony arrest warrants for missing jury duty.

“Operation Endgame” Ends with the Arrest of 4 Cybercriminal Suspects and 100 Servers

Jun 6, 2024 8:27:15 AM By Stu Sjouwerman

Coordinated efforts between law enforcement agencies across nine countries has resulted in a major disruption of a threat group’s malware and ransomware operations.

26% of Global Organizations Lack Security Training Programs

Jun 6, 2024 8:26:39 AM By Stu Sjouwerman

More than a quarter (26%) of organizations around the world provide no security awareness training for their employees, according to a survey by Hornetsecurity. The researchers found that ...

Best Buy/Geek Squad Impersonation Scams Surged in 2023

Jun 4, 2024 1:14:20 PM By Stu Sjouwerman

The US Federal Trade Commission (FTC) has found that Best Buy, and its tech support subsidiary Geek Squad, were the most commonly impersonated brands by scammers in 2023.

Email Compromise Continues to Dominate as Top Threat Incident Type as Tactics Evolve

Jun 4, 2024 1:14:16 PM By Stu Sjouwerman

As email compromise attacks increase, analysis of tactics provides context on how organizations need to evolve their defenses.

Russia’s Military Intelligence Service Launches Spear Phishing Attacks

Jun 3, 2024 1:39:24 PM By Stu Sjouwerman

Researchers at Recorded Future warn that BlueDelta, a threat actor tied to Russia’s GRU, is launching spear phishing attacks against European defense and transportation entities.

New Transparent Phishing Attacks Leverage Cloudflare Worker Serverless Computing

Jun 3, 2024 1:39:21 PM By Stu Sjouwerman

An increasing number of phishing campaigns from several threat groups are being tracked as they leverage legitimate Cloudflare services as part of account compromise attacks.

Security Awareness Training Blog

View Topics